> Add option to indicate whether UDP encapsulation ports
> verification need to be done as part of inbound
> IPsec processing.
>
> Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
> ---
> doc/guides/rel_notes/release_21_11.rst | 5 +++++
> lib/security/rte_security.h | 7 +++++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/doc/guides/rel_notes/release_21_11.rst
> b/doc/guides/rel_notes/release_21_11.rst
> index b0606cb542..afeba0105b 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -141,6 +141,11 @@ ABI Changes
> * Added SA option to indicate whether outer header verification need to be
> done as part of inbound IPsec processing.
>
> +* security: add IPsec SA option to configure UDP ports verification
> +
> + * Added SA option to indicate whether UDP ports verification need to be
> + done as part of inbound IPsec processing.
> +
Reword as
+* security: A new option ``udp_ports_verify`` is added in structure
+ ``rte_security_ipsec_sa_options`` to indicate whether UDP ports
+ verification need to be done as part of inbound IPsec processing.
+
>
> Known Issues
> ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2a61cad885..18b0f02c44 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
> */
> uint32_t udp_encap : 1;
>
> + /** Verify UDP encapsulation ports in inbound
> + *
> + * * 1: Match UDP source and destination ports
> + * * 0: Do not match UDP ports
> + */
> + uint32_t udp_ports_verify : 1;
> +
> /** Copy DSCP bits
> *
> * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
All new options should be added in the end of this structure for backward
compatibility.
